Understanding of digital signatures

Source: Internet
Author: User
Tags: asymmetric encryption

A digital signature consists of the following steps:

1. Use a hash algorithm (such as MD and SHA) to hash the plaintext and generate a digital digest.

The hash algorithm must have five features:

A. One-way: computing hash(m) to get c is easy, but it is almost impossible to get m back from c.

B. Fast: hash(m) can be computed quickly to obtain c.

C. Collision-resistant: it is almost impossible to find two different messages m1 and m2 such that hash(m1) = hash(m2).

D. Avalanche: changing a single bit in m changes at least half of the resulting c.

E. There is no length limit on m, but c always has the same fixed length.

In addition, you can use a keyed hash algorithm to generate the digital digest, which increases security.

2. Use your private key to encrypt the digital digest to obtain the digital signature. (This step is based on asymmetric encryption. Because asymmetric encryption is more secure than symmetric encryption, asymmetric encryption is generally used to encrypt the digital digest. Asymmetric encryption algorithms include RSA, DSA and ECC [elliptic curve encryption algorithms].)

3. Use a symmetric encryption algorithm (such as DES and RC) to encrypt the plaintext. (This is more secure than encrypting the plaintext with your own private key, but less secure than encrypting it with the other party's public key. However, since public key encryption is not very mature, it is very slow, especially when the text is very long.)

4. If the digital signature is not long, you can encrypt it with the other party's public key. If the digital signature is long, you can encrypt it with the symmetric encryption algorithm.

5. Use the other party's public key to encrypt the symmetric encryption key, the hash algorithm key (if any) and your own public key (if required).

6. Package the encrypted plaintext, the digital signature, and the various keys, and send them to the other party.

7. After receiving the package, the recipient decrypts the various keys, the plaintext and the digital signature.

8. Use the sender's public key to decrypt the digital signature to obtain the digital digest.

9. Use the same hash algorithm to hash the received plaintext to obtain the digital digest used for verification (use the hash key if necessary).

10. Compare the received digital digest with the self-generated digital digest to obtain the verification result.

 

Digital signatures ensure the confidentiality, integrity, and non-repudiation of files.

 

Problems in the practical application of digital signatures:

1. The signed file may be used repeatedly by the recipient. The solution is to add some special credential, such as a timestamp.

2. The length of the key. The longer the key grows, the less convenient it is to use and manage, as with RSA keys.
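The signing and verification steps above (1, 2, 8, 9 and 10), together with the timestamp remedy for repeated use, as an added example that is not part of the original article. It assumes SHA-256 as the hash and uses textbook RSA without padding on a fixed, publicly known demo key so that it runs with the standard library alone; production code would use a vetted library with a padded scheme such as RSA-PSS. The names `digest`, `sign`, `verify` and `max_age` are chosen for this example.

```python
import hashlib

# Demo key only: built from two publicly known Mersenne primes (constructed
# for this example), so the "private" exponent is not secret.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                  # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent
SIG_LEN = (N.bit_length() + 7) // 8


def digest(message: bytes, timestamp: int) -> int:
    """Steps 1 and 9: hash the timestamp together with the plaintext."""
    data = timestamp.to_bytes(8, "big") + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(message: bytes, timestamp: int) -> bytes:
    """Step 2: apply the private key to the digest (textbook RSA, no padding)."""
    return pow(digest(message, timestamp), D, N).to_bytes(SIG_LEN, "big")


def verify(message: bytes, timestamp: int, signature: bytes,
           now: int, max_age: int = 300) -> str:
    """Steps 8-10 plus the timestamp check; returns 'ok' or the rejection reason."""
    s = int.from_bytes(signature, "big")
    if len(signature) != SIG_LEN or s >= N or not 0 <= timestamp < 2**64:
        return "malformed input"
    recovered = pow(s, E, N)             # step 8: public key recovers the digest
    if recovered != digest(message, timestamp):   # steps 9-10: recompute, compare
        return "digest mismatch"
    if not 0 <= now - timestamp <= max_age:
        return "stale timestamp"         # old signed message presented again
    return "ok"


if __name__ == "__main__":
    msg, t0 = b"pay 100 to Bob", 1_700_000_000   # constructed sample values
    sig = sign(msg, t0)
    print(verify(msg, t0, sig, now=t0 + 10))
    print(verify(b"pay 900 to Bob", t0, sig, now=t0 + 10))
    print(verify(msg, t0, sig, now=t0 + 3600))
```

Because the timestamp is hashed together with the plaintext, the recipient cannot change it without invalidating the signature, so an old signed file presented again is rejected as stale.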

 
